scheduler

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly shows cron prompts like "Search and summarize today's most important AI news" (cron add examples and the "When to Use What" table), which implies the scheduled agent run will fetch and interpret open/public news/web content and therefore can be influenced by untrusted third-party material.